Viruses Passing Through MailScanner/Sophos

Joe Guderjohn jwguderjohn at IEEE.ORG
Mon Aug 16 17:00:45 IST 2004


<x-flowed>
Julian Field wrote:

> At 15:47 16/08/2004, you wrote:
>
>> Hello,
>>
>> I've seen this mentioned in previous posts, but I'm not sure if a
>> "universal" fix
>> is available.
>>
>> Environment: MailScanner-4.29.7,  Sophos-3.82, Sendmail-8.12.11
>>
>> Problem: MyDoom-O (and maybe other) viruses occasionally pass through
>> MailScanner/Sophos undetected.
>>
>> Analysis: The infected messages that get past MailScanner/Sophos are
>> "multi-bounces",
>
>
> Can you send me the URL of a copy of one of these messages please.
> The last one I saw had corrupted headers, which stopped MailScanner
> finding
> the message buried in the body text. It does try to find all these
> "included" messages, but is apparently missing this one for some reason.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Julian,

Thanks for the prompt (as usual) response.

Can I email you the message instead of supplying a URL?

I can't (don't know how) to produce a password protected zip file
on the Linux box where I have the message file, and I can't move
it to my Windows desktop because NAV immediately quarantines
it.

I can gzip it and uuencode it - I think that will pass through most
virus scanners, or I can send you the message with the virus
'snipped' out. Will either of these work for you.

Thanks.

Joe
--
Joe Guderjohn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list